General
Target: 575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd
Size: 666KB
Sample: 241109-xq1hqszfqn
MD5: 7f4124df4efbb2bf4fa38da97e52a6fb
SHA1: ac7f81f969953cfe172ad7763f54ea113d58920f
SHA256: 575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd
SHA512: fe2e97140b3b35e9f78f8e98d5b2401f5190cd3c353d8d26155f13c94ddf1157641a2b4727ee78265d973b9495cba96aff73296a308f5c77cba292148eb21cc6
SSDEEP: 12288:cMrcy90AWtSt9zLGheN3Dcx7iF2WuQ3D0vMHRcmiStp+r1C/Vx+VST81t:gy/A20sZAx7iF2U3D0vSRbiStY1Cr+Vd
Static task: static1
Behavioral task: behavioral1
Sample: 575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
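The hashes and the extracted C2 socket above are the indicators an analyst would actually hunt with. The script below is an added example, not part of the sandbox report: it carries the report's MD5/SHA1/SHA256 and the C2 host:port as constants, hashes a file held in memory and reports which digests match, and scans connection-log lines for traffic to the C2 host. The log format (`<ts> <src>:<sport> -> <dst>:<dport> <proto>`), the sample bytes and the log lines are constructed for the example and are not from the report.

```python
"""IOC matching for the RedLine sample above.

Added example, not part of the sandbox report. The file hashes and the C2
endpoint are copied from the report; the connection-log format and the
sample bytes/log lines are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report (General / Malware Config sections).
IOC_HASHES: Dict[str, str] = {
    "md5": "7f4124df4efbb2bf4fa38da97e52a6fb",
    "sha1": "ac7f81f969953cfe172ad7763f54ea113d58920f",
    "sha256": "575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd",
}
C2_HOST = "176.113.115.145"
C2_PORT = 4125


def file_digests(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report lists, for a file held in memory."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the report's value.

    Comparison is case-insensitive because EDR/SIEM exports disagree on case.
    """
    return sorted(
        algo for algo, value in digests.items()
        if IOC_HASHES.get(algo, "").lower() == value.lower()
    )


def match_file(data: bytes) -> List[str]:
    """Hash file contents and report which of the listed digests match."""
    return match_digests(file_digests(data))


# Constructed log format (an assumption, not a real product's schema):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)

# Constructed sample lines: one hit on the exact C2 socket, one on the same
# host but a different port, one unrelated connection, one malformed line.
SAMPLE_LOG: List[str] = [
    "2024-11-09T12:00:01Z 10.0.0.5:51234 -> 176.113.115.145:4125 tcp",
    "2024-11-09T12:00:02Z 10.0.0.5:51235 -> 93.184.216.34:443 tcp",
    "2024-11-09T12:05:17Z 10.0.0.9:49822 -> 176.113.115.145:443 tcp",
    "garbage line that should be skipped",
]


def scan_connections(lines: List[str]) -> List[Dict[str, object]]:
    """Flag every connection to the C2 host.

    Any destination port is reported, because operators move the listener
    port more often than the host; port_match tells the analyst which hits
    are the exact socket from the extracted config.
    """
    hits: List[Dict[str, object]] = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dport": dport,
            "port_match": dport == C2_PORT,
        })
    return hits


if __name__ == "__main__":
    print("file matches:", match_file(b"constructed bytes, not the real sample"))
    for hit in scan_connections(SAMPLE_LOG):
        print(hit)
```

Treat the C2 as a point-in-time indicator: the extracted host and port are what the config held when this analysis ran, and RedLine infrastructure rotates, so a miss on the exact socket does not clear a host. Fuzzy matching on the SSDEEP value needs an external ssdeep library and is left out here.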
Targets
Target: 575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd
Size: 666KB
MD5: 7f4124df4efbb2bf4fa38da97e52a6fb
SHA1: ac7f81f969953cfe172ad7763f54ea113d58920f
SHA256: 575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd
SHA512: fe2e97140b3b35e9f78f8e98d5b2401f5190cd3c353d8d26155f13c94ddf1157641a2b4727ee78265d973b9495cba96aff73296a308f5c77cba292148eb21cc6
SSDEEP: 12288:cMrcy90AWtSt9zLGheN3Dcx7iF2WuQ3D0vMHRcmiStp+r1C/Vx+VST81t:gy/A20sZAx7iF2U3D0vSRbiStY1Cr+Vd
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
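The "Adds Run key to start application" signature is the one a responder can verify on a live host without the sandbox. The script below is an added example, not part of the report and not the sample's own code: it scores Run-key values by where the launched binary lives (user-writable directories, Temp), whether a script host or LOLBin is the launcher, and whether a System32-only name such as svchost.exe appears outside System32. The scoring weights are the author's assumptions, `read_run_keys` only collects on Windows through the standard `winreg` module, and the entries in `SAMPLE_RUN_ENTRIES` are constructed, not taken from the report.

```python
"""Triage of Run-key autostart entries (the "Adds Run key" signature above).

Added example, not part of the sandbox report or the sample's own code.
The scoring heuristics are the author's assumptions; the registry entries
in SAMPLE_RUN_ENTRIES are constructed and do not come from the report.
"""
import re
from typing import Dict, List, Optional, Tuple

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Directories a standard user can write to, where droppers usually land.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
# Script hosts / LOLBins that a Run value rarely needs to invoke directly.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
           "rundll32.exe", "mshta.exe", "regsvr32.exe"}
# Names that only belong in System32; elsewhere they are masquerading.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}


def first_executable(command: str) -> str:
    """Return the program part of a Run value, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def score_entry(name: str, command: str) -> Tuple[int, List[str]]:
    """Score one Run value (higher = more worth a look) and explain why."""
    exe = first_executable(command).lower()
    base = re.split(r"[\\/]", exe)[-1]
    score, reasons = 0, []
    if any(d in exe for d in USER_WRITABLE):
        score += 1
        reasons.append("binary under a user-writable directory")
    if "\\temp\\" in exe:
        score += 1
        reasons.append("binary under a Temp directory")
    if base in LOLBINS:
        score += 2
        reasons.append(f"launched through script host / LOLBin {base}")
    if base in SYSTEM_NAMES and not any(d in exe for d in SYSTEM_DIRS):
        score += 2
        reasons.append(f"system binary name {base} outside System32")
    return score, reasons


def triage(entries: List[Tuple[str, str]]) -> List[Dict[str, object]]:
    """Classify entries: 'suspicious' (score >= 2), 'review' (1) or 'ok' (0)."""
    out: List[Dict[str, object]] = []
    for name, command in entries:
        score, reasons = score_entry(name, command)
        verdict = "suspicious" if score >= 2 else "review" if score == 1 else "ok"
        out.append({"name": name, "command": command, "score": score,
                    "verdict": verdict, "reasons": reasons})
    return out


def read_run_keys() -> Optional[List[Tuple[str, str]]]:
    """Live collection on Windows via winreg (HKCU and HKLM); None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    entries: List[Tuple[str, str]] = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue
        i = 0
        while True:
            try:
                value_name, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break
            entries.append((value_name, str(data)))
            i += 1
        winreg.CloseKey(key)
    return entries


# Constructed entries: a legitimate AppData app (scores 1), a System32 tool,
# a dropper-style Temp binary masquerading as svchost, and a script host.
SAMPLE_RUN_ENTRIES: List[Tuple[str, str]] = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("updater", r'"C:\Users\alice\AppData\Local\Temp\1af3\svchost.exe"'),
    ("svc", r'wscript.exe //B "C:\ProgramData\run.vbs"'),
]


if __name__ == "__main__":
    for row in triage(read_run_keys() or SAMPLE_RUN_ENTRIES):
        print(f'{row["verdict"]:10} {row["score"]} {row["name"]}: '
              f'{row["command"]}  {row["reasons"]}')
```

A single "user-writable directory" hit is a lead, not a verdict: per-user installers such as OneDrive legitimately run from AppData, which is why that case only scores 1. Pair the registry view with the dropped-file hashes from the report before concluding, and remember that a Run value is only one of the autostart locations the ATT&CK entry below covers.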
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature
  Create or Modify System Process (T1543): Windows Service (T1543.003), 1 signature